Question:
How do I utilize Novell’s auditing features to audit various events on a NetWare 4.x server?

Answer:
The auditing features are available via the auditcon command in Novell4.x. This command is typically located in the SYS:PUBLIC directory.

In order to set up auditing, follow these simple steps:

1. Type auditcon and press enter.
2. In order to audit directory services events, select “Audit DirectoryServices.”
3. Select “Audit Directory Tree.”
4. Select your context, for instance “Root,” or your organizational unit or organization.
5. You will now need to enable container auditing, i.e. specify a password.
6. After you confirm your password, you will be required to perform the”Auditor login” by typing the password.
7. Upon successful login, choose the “Auditing Configuration” option.
8. Here you can turn auditing for various actions, such as DirectoryServices events, or even set up auditing by user. You can also modify the audit file attributes, change the auditor’s password or disable auditing.
9. Choose “Audit by DS events” and toggle the events you want audited to “Yes” status. Choose all or as many events as you wish.
10. Save your changes and press to exit. You have now turned on auditing on your system.

To view your audit file or run reports, these steps must be executed:

1. Start the auditcon utility.
2. Choose “Audit Directory Services.”
3. Choose your context and press F10.
4. Select “Auditing Reports” from the menu.
5. You may now choose “View Audit File” and set up viewing.
6. You will also be presented with an opportunity to set up various filters. Simply press from the filters screen. You can also choose to have no filters and thus display the entire file.